
DNS greylisting to lessen the amount of incoming spam.

Thursday 25 January 2007 at 11:35 pm
Greylisting is a technique for slowing down the oncoming torrent of spam on the Net today by breaking spamware that isn't compliant with the SMTP RFCs. It consists of a simple alteration to your DNS zone files: an IP address that has nothing listening on port 25/TCP goes in the position of your primary MX, and the addresses of your real MXes go in positions of lower priority in your DNS zone. Spamware that isn't compliant looks at your DNS records for the IP address of the primary MX, tries to contact it, fails, and gives up, or at least that's the theory behind it. A legitimate SMTP server trying to transmit e-mail, upon detecting the first failure to connect, will move down the list to the next most highly ranked MX in your domain's zone files, and so on until it's out of servers to try. I plan on trying it soon on the Network to see if it's worth anything; if it works it'll buy us some more time before we have to build a new mail server.
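
The MX ordering described above, as an added example that is not from the original post: a Python model of how an RFC-compliant sender and a primary-only client behave against such a zone, plus a check that the setup is sane. The hostnames, preference values and reachability table are constructed; `tcp25_open` is the probe to pass in for a live check.

```python
# Added example: model of MX fallback against a zone with a dead primary MX.
# All hostnames and preference values below are constructed.
import socket

# (preference, host) pairs as in MX records; the lowest number is tried first.
ZONE_MX = [
    (20, "mx1.example.org"),
    (10, "deadmx.example.org"),  # resolves to an IP with nothing on 25/TCP
    (30, "mx2.example.org"),
]

def tcp25_open(host, timeout=5.0):
    """Live probe: True if something accepts a TCP connection on port 25."""
    try:
        with socket.create_connection((host, 25), timeout=timeout):
            return True
    except OSError:
        return False

def delivery_order(mx_records):
    """Hosts in the order a sender tries them (ascending preference)."""
    return [host for _, host in sorted(mx_records)]

def compliant_sender(mx_records, probe):
    """Walk the MX list until one host accepts; return (host, attempts)."""
    for attempts, host in enumerate(delivery_order(mx_records), start=1):
        if probe(host):
            return host, attempts
    return None, len(mx_records)

def primary_only_sender(mx_records, probe):
    """Client model from the post: try the primary MX once, then give up."""
    primary = delivery_order(mx_records)[0]
    return primary if probe(primary) else None

def audit(mx_records, probe):
    """Sanity check: primary must be closed, at least one backup open."""
    order = delivery_order(mx_records)
    problems = []
    if probe(order[0]):
        problems.append(f"primary {order[0]} accepts mail on 25/TCP")
    if not any(probe(h) for h in order[1:]):
        problems.append("no lower-priority MX is reachable; all mail would fail")
    return problems

# Constructed reachability table standing in for the network (runs offline).
FAKE_NET = {"deadmx.example.org": False, "mx1.example.org": True, "mx2.example.org": True}
def offline_probe(host):
    return FAKE_NET.get(host, False)
```

Running `audit(ZONE_MX, tcp25_open)` against your own records after the zone change catches the failure case where the real MXes are also unreachable, which would turn the delay into lost mail.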


four comments recorded.

I can’t see this as very effective.
I suspect that spamware will rapidly adapt to this change, and that it will simply result in more net traffic as legit servers keep looking for your email server.

My own belief is that the spam problem can only be resolved in meatspace.

Hasufin - 26 01 07 - 02:35

Hmm, at first I was with Hasufin on this one, but it appears that they already thought of that and the additional impact on the legit servers appears to be negligible. Also, it appears that this is completely RFC compliant… as they say, it’s no different from simply having a broken primary MX, and the specification is built to account for that eventuality. Good luck with it. :)

Jarandhel - 26 01 07 - 09:04

I suspect much the same thing. Spamming is profitable enough that spambots will take this into account, or at least they will once their current strategies are no longer fruitful. It’ll work as a stopgap for at least a few months. Still, it’s an interesting technical solution in the short term, reminiscent of the “shut down your MX’s for a weekend” technique of the late 1990’s.

Remember what happened in the Russian Confederation last year? That was a real solution.

The Doctor - 26 01 07 - 21:27

The best fixes are those already planned for in the long term.

Thanks. I’ll post about how well it worked later.

The Doctor - 26 01 07 - 21:28


  